My Kernel Debugger Won’t Connect

Hello ntdebugging readers, the Debug Ninja is back again with a quick blog this holiday season. I recently encountered a situation where the kernel debugger could not connect to a Windows Server 2008 R2 system running in a Hyper-V virtual machine. The configuration appeared correct; however, the debugger would not connect to the VM.

In WinDbg you can use Ctrl+Alt+D to view the debugger’s internal information flow. In KD use Ctrl+D followed by ENTER to toggle the output. Enabling this output I could see that the debugger was unable to read from the debug port, and that it was getting timeouts. The error "SYNCTARGET: Timeout." is a clear indication that the debug host cannot communicate with the debug target, especially when this error appears after a “Send Break in” message.

Because I was using a named pipe on a Hyper-V VM I knew that I didn't have a bad cable, although this is a common cause of kernel debug failures. I also knew that the configuration of the VM was correct, and I could use the debugger for other VMs on this server. The problem was most likely with the OS running in the VM.

By checking Device Manager I was able to confirm that there was a problem with the configuration of the OS running in the VM. The bcdedit settings were configured to use COM1, and this should make COM1 unavailable in the OS; however, COM1 was present in Device Manager. For some reason the debugger was not capturing COM1 on boot as it was configured to.

Examining the bcd configuration of this server I found that the bcd configuration was not correct. In the bcd store of a normal Windows 7 or Windows Server 2008 R2 OS, the Windows Boot Loader sections of bcdedit have an inherit setting. You can view this information on your system from an elevated command prompt using the command ‘bcdedit /enum all’. Ordinarily the Windows Boot Loader inherits the {bootloadersettings}, the {bootloadersettings} inherit the {globalsettings}, and the {globalsettings} inherit the {dbgsettings}. Without the inherit settings, the debugger configuration will not be read by the boot loader.

Below are the bcd settings from the broken VM. You can see that all of the normal inherited settings are missing.

C:\Windows\system32>bcdedit /enum all

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {current}
displayorder            {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Server 2008 R2 Standard (recovered)
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2ec5363f-2a92-11e1-bbe4-806e6f6e6963}
usefirmwarepcisettings  No
debug                   Yes

Resume from Hibernate
---------------------
identifier              {2ec5363f-2a92-11e1-bbe4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Server 2008 R2 Standard (recovered)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      Yes

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Because my only interest in this VM was to get the debugger working, I did not add all of the missing settings to the bcd store. I was able to force the debugger configuration to be read on boot using this command:

bcdedit /set inherit {dbgsettings}

I hope this helps the next time you are trying to configure a debugger and it does not work. Remember that we don't just need the debugger to be turned on and be configured; we need the settings to be inherited as well.
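The inheritance check described in this post can be automated against saved `bcdedit /enum all` output. The following is an added example, not part of the original blog: it parses the output and follows inherit elements from {current} to see whether {dbgsettings} is reached. The function names and the sample store are constructed for illustration; the "fixed" case models the `bcdedit /set inherit {dbgsettings}` command above.

```python
def _is_rule(line):
    return bool(line.strip()) and set(line.strip()) == {"-"}

def parse_bcd(text):
    """Return {identifier: {element: [values]}} from `bcdedit /enum all` text."""
    entries, cur, key = {}, None, None
    lines = text.splitlines() + [""]
    for line, nxt in zip(lines, lines[1:]):
        if _is_rule(nxt):
            cur, key = {}, None                      # title above a dashed rule: new entry
        elif cur is None or not line.strip() or _is_rule(line):
            continue                                 # prompt line, blank line or the rule
        elif line[0].isspace():
            cur.get(key, []).append(line.strip())    # further value of a multi-valued element
        else:
            key, _, value = line.partition(" ")
            cur[key] = [value.strip()]
            if key == "identifier":
                entries[value.strip()] = cur
    return entries

def inherits_dbgsettings(entries, ident="{current}", seen=()):
    """True if {dbgsettings} is reachable from ident through inherit elements."""
    if ident == "{dbgsettings}":
        return True
    parents = [] if ident in seen else entries.get(ident, {}).get("inherit", [])
    return any(inherits_dbgsettings(entries, p, seen + (ident,)) for p in parents)

# Constructed sample store (not the page's listing); %s is the loader's inherit line.
STORE = """\
Windows Boot Loader
-------------------
identifier              {current}
%sdebug                   Yes

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
"""
CASES = {"healthy": STORE % "inherit                 {bootloadersettings}\n",
         "broken": STORE % "",                       # loader has debug Yes but no inherit
         "fixed": STORE % "inherit                 {dbgsettings}\n"}
print({name: inherits_dbgsettings(parse_bcd(t)) for name, t in CASES.items()})
```

To check a real system, pass the text captured from an elevated `bcdedit /enum all` to `parse_bcd` instead of the constructed store.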